PT-2025-13257 · Mesop · Mesop

Published 2025-03-27 · Updated 2025-03-27 · CVE-2025-30358

CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Mesop versions prior to 0.14.1

Description: A class pollution vulnerability in Mesop allows an attacker to overwrite global variables and class attributes in certain Mesop modules at runtime, which can be used to cause a denial of service (DoS) against the server. The same primitive can also cause identity confusion: an attacker could impersonate the assistant or system role within a conversation, which may enable jailbreak attacks when the application interacts with large language models (LLMs). Because the overwritten attributes can alter the application's intended data flow or control flow at runtime, the impact can extend to remote code execution where suitable gadgets are available.

Recommendations: For versions prior to 0.14.1, upgrade to version 0.14.1, which contains the fix. As a temporary workaround, restrict access to sensitive modules and functions to reduce the exposure, and avoid relying on the affected class attributes and global variables in the vulnerable Mesop modules until the upgrade is applied.
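The mechanism behind the description and the recommendation above, as an added illustration that is not Mesop's code: a recursive "update this object from JSON" helper that follows whatever attribute names the client sends, so that dunder keys such as __class__ and __globals__ let the update climb out of the state object into its class and then into the module namespace, shown beside a hardened version that only sets declared dataclass fields. ChatState, Message, ASSISTANT_ROLE, merge_unsafe and merge_safe are hypothetical names chosen for the demo, and the payload is constructed here; nothing below reproduces the actual Mesop code path.

```python
# Added illustration of Python "class pollution" (hypothetical stand-in code,
# not Mesop's). Names ChatState, Message, ASSISTANT_ROLE, merge_unsafe and
# merge_safe are invented for the demo.
from dataclasses import dataclass, field, fields, is_dataclass

# Hypothetical module-level constant that a polluted update can reach through
# <function>.__globals__. Stands in for any role/config global of the app.
ASSISTANT_ROLE = "assistant"


@dataclass
class Message:
    role: str = "user"
    text: str = ""


@dataclass
class ChatState:
    title: str = "chat"
    last: Message = field(default_factory=Message)

    def add(self, text: str) -> None:
        # Any plain method will do: its __globals__ is this module's namespace.
        self.last = Message(role="user", text=text)


def merge_unsafe(obj, data: dict):
    """VULNERABLE: recursive update that follows whatever keys the caller sends.
    Dunder keys (__class__, __globals__, ...) let the walk leave the state
    object, reach the class, and finally the module globals dict."""
    for key, value in data.items():
        if isinstance(value, dict):
            child = obj[key] if isinstance(obj, dict) else getattr(obj, key)
            merge_unsafe(child, value)
        elif isinstance(obj, dict):
            obj[key] = value          # e.g. writing into func.__globals__
        else:
            setattr(obj, key, value)  # sets instance OR class attributes
    return obj


def merge_safe(obj, data: dict):
    """HARDENED: only declared dataclass fields, never dunders, nesting only
    into fields that are themselves dataclass instances, types preserved."""
    if not is_dataclass(obj) or isinstance(obj, type):
        raise TypeError("expected a dataclass instance")
    allowed = {f.name for f in fields(obj)}
    for key, value in data.items():
        if key.startswith("__") or key not in allowed:
            raise ValueError(f"refusing to set attribute {key!r}")
        current = getattr(obj, key)
        if isinstance(value, dict) and is_dataclass(current):
            merge_safe(current, value)
        elif isinstance(value, type(current)):
            setattr(obj, key, value)
        else:
            raise TypeError(f"bad type for field {key!r}")
    return obj


# Constructed attacker payload: state -> ChatState -> ChatState.add ->
# add.__globals__ -> overwrite module-level ASSISTANT_ROLE, plus a new
# class attribute on ChatState itself.
POLLUTION_PAYLOAD = {
    "__class__": {
        "add": {"__globals__": {"ASSISTANT_ROLE": "user"}},
        "POLLUTED": True,
    }
}


def demo_unsafe() -> tuple:
    """Feed the payload to merge_unsafe; return (global after, class attr),
    then undo the pollution so the module stays usable."""
    global ASSISTANT_ROLE
    merge_unsafe(ChatState(), POLLUTION_PAYLOAD)
    result = (ASSISTANT_ROLE, getattr(ChatState, "POLLUTED", None))
    ASSISTANT_ROLE = "assistant"
    if hasattr(ChatState, "POLLUTED"):
        delattr(ChatState, "POLLUTED")
    return result


def demo_safe() -> tuple:
    """Same payload through merge_safe: rejected and globals untouched,
    while a legitimate nested field update still succeeds."""
    state = ChatState()
    rejected = False
    try:
        merge_safe(state, POLLUTION_PAYLOAD)
    except ValueError:
        rejected = True
    merge_safe(state, {"title": "renamed", "last": {"text": "hi"}})
    return rejected, ASSISTANT_ROLE, state.title, state.last.text


if __name__ == "__main__":
    print("unsafe:", demo_unsafe())
    print("safe:  ", demo_safe())
```

The check that matters in merge_safe is the allow-list derived from fields(): attribute names never come from the request, only values do, so no key can address __class__, a method, or a __globals__ dict. Rejecting dunders by prefix is a second guard in case a future refactor replaces the allow-list with a blocklist.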

Tags: Exploit · Fix · DoS · RCE


Weakness Enumeration

Related Identifiers

CVE-2025-30358
GHSA-F3MF-HM6V-JFHH

Affected Products

Mesop